Target's business and image took a beating after a massive data breach occurred in the 2013 holiday shopping season, exposing personal data of about 110 million customers who had used their debit and credit cards at the store.

In the aftermath, several states and the federal government launched criminal investigations into the company. Target executives testified before Congress and multiple lawsuits were filed.

Customers also stayed away, hurting sales. And Target spent $61 million in the final months of 2013 addressing the breach.

The company has been fighting to reclaim its reputation, but still has multiple issues looming. Here's how things stand:

Investigation is ongoing, no arrests yet: Earlier this year, Attorney General Eric Holder told a Senate committee that his office was joining the investigation into the Target data breach. The Secret Service and several states also said they were investigating. No arrests have been made so far related to the hacker data breach.

Brian Krebs demystifies today's hacker

New cards aim to protect customers:Target(TGT) inked a deal with MasterCard to bring a more secure version of its credit cards to stores by September. The cards will be enabled with computer chips and require customers to type in a PIN, which would prevent the mass theft of personal information that occurred at Target.

Target shakes up executive ranks: The breach led to the resignation of the company's chief information officer and the creation of two new positions: chief information security officer and a chief compliance officer. As chief information officer, it named Bob DeRodes, formerly a technology adviser to various U.S. government agencies including the Department of Homeland Security and the Justice Department. Target said it is looking externally to fill all positions in its information security division.

Lawsuits pending but big payout could loom: Approximately 100 lawsuits -- including class action suits, suits filed on behalf of banks and suits from shareholders -- have been bundled together and are being presided over by a U.S. District Court judge in Minnesota, Target's home state. It's unclear if Target is on the hook for any big payout.

Rival retailer TJ Maxx(TJX) had to pay millions in multiple settlements after hackers stole data from around 45 million credit cards of shoppers at its discount stores T.J. Maxx and Marshalls. Among other payments, the company paid $40 million to Visa and the banks that processed credit card payments.

The Consumer Bankers Association recently said the banks have already spent $200 million related to Target's breach.